Very basic plugin - if an admin tries to view or change the rcon password using sm_cvar or sm_rcon they will be denied and their info logged.
Users will only be able to access the rcon password via rcon rcon_password, in which case the obviously already have it.

cheers I'll have a look. Will you be adding any punishment system or something to make one alert of an attempt. If someone tries to steal rcon pass, the first you know about it is if you check logs, is this correct?

cheers I'll have a look. Will you be adding any punishment system or something to make one alert of an attempt. If someone tries to steal rcon pass, the first you know about it is if you check logs, is this correct?

I can add kick/ban support if you/anyone want that.
At the moment, they are denied and logged, so yes you would have to check your logs.

The log file is only created if someone is caught, so if you see it on your server, you should have a look inside it.

There is a lot of exploitation in L4D2 with downloading cfg files from servers and sending false packets of data to get authentication.

Somehow there are players who are able to get root admin to my server with this plugin installed. I am still not 100% the direct method they are using. I already have consistency enforced and sv_allowupload 0. However, players are still able to get to it.

Do you have any suggestions or any other ways of protecting my server?

One question.
Can you add that function to your script: (?)
Only for the admins from the admins_simple.ini can send the rcon_password cvar to the server? Anyone else must be kicked or banned from the server when he send this cvar to the server? On my servers, my logs full with the: Bad rcon password ......... rows. Too many loser try to cracking these servers.
(sorry for my bad english)